deny message = Forged HELO: you are not $sender_helo_name our local domain and you are not allowed to use as per RFC standards.
log_message = Forged HELO as local domain
!hosts = +relay_hosts
!authenticated = *
condition = ${if match_domain{$sender_helo_name}{+local_domains}{ye s}{no}}

deny message = Potential executable content. If you meant to send this file \
then please package it up as a zip file and resend it.
demime = ade:adp:bas:bat:chm:cmd:com:cpl:crt:eml:exe:hlp:hta:inf:ins:isp:jse:lnk:mdb:mde:msc:msi:msp:pcd:reg:scr:sct:shs:url:vbs:vbe:wsf:wsh:wsc

##### end clamav ACL

# Add X-Scanned Header
warn message = X-Antivirus-Scanned: Clean but you should still have anti-virus software

#deny condition = ${if !def:h_Message-ID: {1}}
#message = Message SHOULD have Message-ID: but does not

Click on Advanced Editor. Scroll down to 3rd box. Look for the following text:

#!!# ACL that is used after the RCPT command
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.

by example, someone, at 3rd party server, configures a redirection from domain.xxx to mydomain.xxx (mydomain.xxx is hosted by me). The redirect is legitimal.

Now, some legitimal hotmail.com address send an email to domain.xxx, which obviously is redirected to my server, to mydomain.xxx....... well, my server refuses this email because the hostname redirecting the email is not hotmail.com, so it would be a Faked HELO error.

It is tested.... redirections would be refused, instead of being legitimal, so it is not a good idea, although I like it very much.